CISA is world-renowned as the standard of achievement for those who audit, control, monitor, and assess an organization’s information technology and business systems. It is foundational to a successful IT career. CISAs are expected to maintain an adequate level of current knowledge and proficiency in the field of information systems audit, control, and security. CISAs who successfully comply with the CPE policy will be better trained to assess information systems and technology and provide leadership and value to their organizations.

MY-CPE LLC is approved by NASBA and it offers Continuing Professional Education (CPE) courses for the designation provided by ISACA. ISACA does not require its designation holders to take CE from an ISACA-approved CPE provider. We are focused on providing quality continuing education content that incorporates the qualified subject areas. Our NASBA-approved CPE courses are authored/reviewed by industry specialists and subject matter experts.  All our courses are designed in a way to ensure that courses meet your continuing education requirements.


CPE Requirements
120 hours for a three-year reporting period, 20 hours annually
License Renewal Period
January 15th annually.
CPE Reporting Cycle
The annual reporting period begins on 1 January of each year. The three-year certification period varies and is indicated on each annual invoice and on the letter confirming annual compliance.
Ethics Requirement
There is no ethics requirement for CISA designation holders.
Carry Over Credits
No credit may be carried over from excess hours earned during a reporting period.
CLICK HERE for further reference on CPE regulations for Certified Information System Auditor (CISA)

All CISA needs to complete 120 hours of CPE during a 3-year reporting period out of which 20 hours must be completed annually.

There is no ethics requirement for CISA designation holders.

The Certified Information System Auditor (CISA) license renewal period ends on January 15th annually. 

The annual reporting period begins on 1 January of each year. The three-year certification period varies and is indicated on each annual invoice and on the letter confirming annual compliance. 

CLICK HERE for further reference.

Domain 1—Information Systems Auditing Process: Providing audit services in accordance with standards to assist organizations in protecting and controlling information systems. Domain 1 affirms your credibility to offer conclusions on the state of an organization’s IS/IT security, risk, and control solutions.

  1. Planning
  2. Execution

Domain 2—Governance and Management of IT: Domain 2 confirms to stakeholders your abilities to identify critical issues and recommend enterprise-specific practices to support and safeguard the governance of information and related technologies.

  1. IT Governance
  2. IT Management

Domain 3—Information Systems Acquisition, Development, and Implementation

  1. Information Systems Acquisition and Development
  2. Information Systems Implementation

Domain 4—Information Systems Operations and Business Resilience: Domains 3 and 4 offer proof not only of your competency in IT controls but also your understanding of how IT relates to business.

  1. Information Systems Operations
  2. Business Resilience

Domain 5—Protection of Information Assets: Cybersecurity now touches virtually every information systems role, and understanding its principles, best practices, and pitfalls is a major focus within Domain 5.

  1. Information Asset Security and Control
  2. Security Event Management

CLICK HERE for further reference on the CISA website. 

The following categories of qualifying activities and limits have been approved by the CISA Certification Committee and are acceptable for CPE:

  1. ISACA professional education activities and meetings (no limit)
  2. Non-ISACA professional education activities and meetings (no limit)
  3. Self-study courses (no limit)
  4. Vendor sales/marketing presentations (10-hour annual limitation)
  5. Teaching/lecturing/presenting (no limit)
  6. Publication of articles, monographs, and books (no limit)
  7. Exam question development and review (no limit)
  8. Passing related professional examinations (no limit)
  9. Working on ISACA Boards/Committees (20-hour annual limitation per ISACA certification)
  10. Contributions to the IS audit and control profession (20-hour annual limitation in total for all related activities for CISA reported hours)
  11. Mentoring (10-hour annual limitation)

The annual maintenance fee for CISA members is $ 45 and for CISA non-members is $ 85.

CLICK HERE for more detailed information on renewal fees.

CISAs can complete 100% of the total required CPE hours via self-study courses. myCPE provides courses that are eligible for CISA Credit hours. Please CLICK HERE to visit more qualifying webinars on CISA.

CISAs who fail to comply with the CISA CPE Policy will have their CISA credential revoked and will no longer be allowed to present themselves as a CISA. Individuals who have their CISA certification revoked will be required to take and pass the CISA exam and submit a completed application for CISA certification.

For newly certified CISAs, the annual and three-year certification period begins on 1 January of the year following certification. Reporting CPE hours attained during the year of certification is not required. However, hours attained between the date of certification and 31 December of that year can be used and reported as hours earned in the initial reporting period. 

A CISA must obtain and maintain documentation supporting reported CPE activities. Documentation should be retained for twelve months following the end of each three-year reporting cycle. Documentation should be in the form of a letter, certificate of completion, attendance roster, Verification of Attendance form, or other independent attestation of completion. At a minimum, each record should include the name of the attendee, name of the sponsoring organization, activity title, activity description, activity date, and the number of CPE hours awarded or claimed.

Retired CISA Status

CISAs are entitled to apply for retired CISA status if over 55 years of age and permanently retired from the CISA profession, or unable to perform the duties of an IS audit, control, or security professional because of permanent disability. CISAs granted this status are no longer required to obtain CPE hours.

Non-practicing CISA Status

CISAs who are no longer working in the IS audit, control, or security profession are entitled to apply for non-practicing CISA status. Requests for the non-practicing status must be received by ISACA no later than 15 January and accompanied by your annual invoice. CISAs granted this status are not required to obtain CPE hours but are required to pay the annual maintenance fee. Once the individual has returned to the profession, they are required to return to active status.

myCPE provides courses that are approved for continuing education credits by NASBA. Based on the guidelines issued by these boards regarding Recertification credit hours requirements, we recommend the programs/ webinars to be suitable for CISA Professionals for the content specified in each webinar. However, it will be the responsibility of each attendee to ensure that they are eligible for the Continuing Education Credits based on their occupation/ job profile, knowledge requirements as well as guidelines laid down by their regulatory board before registering for the webinars.

CLICK HERE to view the ISACA website for CISA professionals.


Approved By
National Association of State Boards of Accountancy (NASBA) 143597
Internal Revenue Service (IRS) GEHNZ
California Tax Education Council (CTEC) 6273
Certified Financial Planner Board (CFP) 8061
Society for Human Resource Management (SHRM) RP5359
Human Resource Certification Institute (HRCI) 714694
FP Canada CE17222
American Payroll Association (APA) 372961
Texas State Board of Public Accountancy (TSBPA) 010556
Illinois Department of Financial & Professional Regulation (IDFPR) 158002756
New York State Board of Public Accountancy (NYSPA) 002976
Courses Eligible for CPE of Certified Fraud Examiner (CFE) Approved
Courses Eligible for CPE of Certified Valuation Analysts (CVA) Approved
Institute of Finance and Management (IOFM) Approved
Society of Trust and Estate Practitioners (STEP) Approved
Certified Senior Advisor (CSA) Approved

We use cookies to make your experience on this website better